A fix is available

Subscribe

You can track all active APARs for this component.

APAR status

Closed as program error.

Error description

Loadable Password Algorithm (LPA) was introduced with
APAR IY97798 in AIX 5.3 TL07. HACMP password utility
(clpasswd) is unable to handle passwords generated by
a LPA (e.g. ssha256).
clpasswd utility is corrupting the encrypted password
when distributing to the nodes, so that a login fails.

Local fix

Problem summary

LPA allows passwords longer than the traditional limit of 8
characters. When C-SPOC propogates the encrypted string
generated for those longer passwords, the encrypted string
will be truncated resulting in corruption of the passwords
on other nodes in the cluster.

Problem conclusion

The following text will be added to the release_notes file:
HACMP cluster-wide C-SPOC password administration does not
support use of the feature allowing passwords longer than 8
characters which became available with the Loadable Password
Algorithm as part of AIX 53 TL 7.